CVE-2024-9475
📋 TL;DR
This SQL injection vulnerability in the Poll Maker WordPress plugin allows authenticated attackers with administrator permissions to execute arbitrary SQL queries. Attackers can extract sensitive database information like user credentials or configuration data. Only WordPress sites using vulnerable versions of the Poll Maker plugin are affected.
💻 Affected Systems
- Poll Maker – Versus Polls, Anonymous Polls, Image Polls WordPress plugin
📦 What is this software?
Poll Maker by Ays Pro
⚠️ Risk & Real-World Impact
Worst Case
Complete database compromise including extraction of administrator credentials, sensitive user data, and potential privilege escalation to full site control.
Likely Case
Extraction of sensitive poll data, user information, and potentially WordPress configuration details that could enable further attacks.
If Mitigated
Limited impact due to proper access controls and monitoring, with only authorized administrators able to exploit the vulnerability.
🎯 Exploit Status
Exploitation requires administrator-level WordPress credentials. The vulnerability lies in how the plugin handles the order_by parameter.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 5.4.7 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3200000/poll-maker/tags/5.4.7/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Poll Maker' plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 5.4.7+ from the WordPress repository and update manually.
🔧 Temporary Workarounds
Disable Poll Maker Plugin
Temporarily disable the vulnerable plugin until patched
wp plugin deactivate poll-maker
Restrict Administrator Access
Limit administrator accounts and implement strong authentication controls
🧯 If You Can't Patch
- Implement strict access controls for administrator accounts and monitor administrator activity
- Deploy web application firewall (WAF) rules to block SQL injection patterns in order_by parameters
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins → Poll Maker version. If version is 5.4.6 or lower, you are vulnerable.
Check Version:
wp plugin get poll-maker --field=version
Verify Fix Applied:
Verify Poll Maker plugin version is 5.4.7 or higher in WordPress admin panel.
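The version checks above compare dotted version strings, and a plain string comparison gets them wrong (as a string, "5.4.10" sorts below "5.4.7"). The following is an added example, not code from the advisory or from the Poll Maker plugin: it parses the version numerically against the fixed release 5.4.7 named above, and optionally reads the installed version through the same `wp plugin get poll-maker --field=version` command the advisory gives. The subprocess wrapper and the `--path` argument are assumptions about how the check would be run on a real site; the comparison logic itself needs no WordPress install.

```python
"""Decide whether an installed Poll Maker version is older than the fixed
release (5.4.7 per the advisory). Added example; the WP-CLI wrapper is an
assumption about how the check is run on a live site."""
import re
import shutil
import subprocess

FIXED_VERSION = "5.4.7"     # first patched release, from the advisory
PLUGIN_SLUG = "poll-maker"  # slug used in the advisory's wp-cli commands


def parse_version(text):
    """Turn '5.4.10' (or '5.4.10-beta') into a tuple of ints for numeric
    comparison. A plain string comparison would rank '5.4.10' below '5.4.7'."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version string: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_vulnerable(version_text, fixed=FIXED_VERSION):
    """True when the installed version is strictly older than the fixed release."""
    return parse_version(version_text) < parse_version(fixed)


def installed_version(path="."):
    """Ask WP-CLI for the installed plugin version, using the command from the
    advisory. Returns None when wp is not on PATH or the command fails
    (e.g. plugin not installed). Assumed wrapper, not part of the advisory."""
    if shutil.which("wp") is None:
        return None
    proc = subprocess.run(
        ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version", f"--path={path}"],
        capture_output=True, text=True,
    )
    if proc.returncode != 0:
        return None
    return proc.stdout.strip()


if __name__ == "__main__":
    version = installed_version()
    if version is None:
        print("could not read the Poll Maker version via wp-cli")
    elif is_vulnerable(version):
        print(f"Poll Maker {version} is vulnerable; update to {FIXED_VERSION} or later")
    else:
        print(f"Poll Maker {version} is at or above {FIXED_VERSION}")
```

Run it from the WordPress root (or pass the site path to `installed_version`); the exit path for a missing `wp` binary keeps the script usable on hosts where only a version string copied from the admin panel is available.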
📡 Detection & Monitoring
Log Indicators:
- Unusual SQL queries in WordPress or database logs
- Multiple failed login attempts followed by administrator access
- Unexpected database queries containing ORDER BY clauses with unusual parameters
Network Indicators:
- HTTP POST requests to WordPress admin-ajax.php or admin-post.php with unusual order_by parameters
- SQL error messages in HTTP responses
SIEM Query:
source="wordpress.log" AND "order_by" AND ("UNION" OR "SELECT" OR "FROM" OR "WHERE")
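The network indicators and SIEM query above describe the hunt in words; the following added example (not code from the advisory or from any SIEM product) turns it into a scanner for web-server access logs. It parses combined-format lines, keeps only requests to the two admin endpoints named above, URL-decodes any order_by parameter and flags it when it contains one of the SQL keywords from the SIEM query or, more strictly, when it is not a plain column identifier with an optional ASC/DESC. The sample log lines, client addresses and the `action=list` parameter are constructed for the example. One caveat the example makes visible: access logs carry only the query string, so an order_by value sent in a POST body is invisible here and has to be caught by a WAF or application-level log instead.

```python
"""Scan access-log lines for suspicious order_by parameters aimed at the
WordPress admin endpoints named in the advisory. Added example; the log
lines below are constructed, not real traffic."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Endpoints from the advisory's network indicators.
ADMIN_ENDPOINTS = ("/wp-admin/admin-ajax.php", "/wp-admin/admin-post.php")

# Keywords from the advisory's SIEM query, matched as whole words after decoding.
SQL_KEYWORDS = re.compile(r"\b(UNION|SELECT|FROM|WHERE)\b", re.IGNORECASE)

# A legitimate order_by value is a single column identifier plus optional direction.
SAFE_ORDER_BY = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*(\s+(ASC|DESC))?$", re.IGNORECASE)

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def inspect_request(method, target):
    """Return a reason string when the request's order_by looks injected, else None.
    Only the query string is visible in access logs, so POST bodies are not checked."""
    parts = urlsplit(target)
    if parts.path not in ADMIN_ENDPOINTS:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for value in params.get("order_by", []):
        decoded = unquote_plus(value)  # second pass catches double-encoded values
        if SQL_KEYWORDS.search(decoded):
            return f"SQL keyword in order_by: {decoded!r}"
        if not SAFE_ORDER_BY.match(decoded):
            return f"non-identifier order_by value: {decoded!r}"
    return None


def scan_access_log(lines):
    """Return a list of (ip, method, reason, raw_line) for every suspicious line."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        reason = inspect_request(m["method"], m["target"])
        if reason:
            hits.append((m["ip"], m["method"], reason, line))
    return hits


# Constructed sample lines: one benign sort, one SQL-keyword hit, one odd value,
# one non-admin path (ignored) and one POST whose body is not visible in the log.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2024:11:59:58 +0000] "GET /wp-admin/admin-ajax.php?action=list&order_by=title%20ASC HTTP/1.1" 200 812',
    '198.51.100.7 - - [10/Oct/2024:12:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=list&order_by=id%20UNION%20SELECT%201 HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Oct/2024:12:00:04 +0000] "GET /wp-admin/admin-post.php?action=list&order_by=title%2Cid HTTP/1.1" 500 0',
    '203.0.113.9 - - [10/Oct/2024:12:00:09 +0000] "GET /index.php?order_by=SELECT HTTP/1.1" 200 4096',
    '203.0.113.5 - - [10/Oct/2024:12:00:12 +0000] "POST /wp-admin/admin-post.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, method, reason, _ in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {method}: {reason}")
```

Feed it a real log with `scan_access_log(open(path))`; the 500 status on the third sample line is the kind of companion signal the advisory's "SQL error messages in HTTP responses" indicator points at, and is worth correlating with the flagged request.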